NotebookLM Audio Generator

Security checks across malware telemetry and agentic risk

Overview

The skill is a straightforward NotebookLM automation, but users should understand their chosen sources are uploaded to Google and the generated audio is saved locally.

Install only if you are comfortable sending the selected sources to Google's NotebookLM and using the required CLI/helper tools. Avoid confidential or regulated documents unless you have authority to upload them, choose the download folder deliberately, and delete the created NotebookLM notebook afterward if you do not want the uploaded sources retained there.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill automates uploading local files, URLs, YouTube links, and Google Drive document references into Google's NotebookLM, but it does not clearly warn users that this content will be transmitted to a third-party cloud service. This creates a real privacy and data-handling risk because users may unknowingly submit sensitive, proprietary, or regulated information to an external provider.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal